Free Malware Removal Forum

Welcome to MalwareRemoval.com,What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

What does all this mean...??Please help me to get my computer back to normal and if you could e-mail your responses to (address removed) i would love that. Hopefully someone will be able to help me find an answer. Thanks for your help. Bee

Highjackthis.exe is running out of a temp folder.HijackThis.exe in a Temp folder: Can be accidentally deleted when the temp files are cleaned out, so to the backups. Highjackthis.exe needs a permanant folder of it's own in order to create backupsCreate a folder on the desktop, right click on the desktop, select new folder,and name it HJT . Now locate "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K81VKI5I\ HijackThis[1].exe copy and paste it into the new folder ( HJT ) you created on the desktop.

You have posted an out of date highjack log "Logfile of HijackThis v1.99.1"

You had the right version in your first post,"Logfile of Trend Micro HijackThis v2.0.2"All I wanted you to do was put it into a permanent folder.

suggestion: Delete v1.99.1

Click Start

Go to Control Panel

Go to Add/Remove Programs

Find and click Remove for the following (if present). It could be that they have a space or something between it , but it has to look like it:

HijackThis v1.99.1

save any confusion.

Go to your desktop and in an open space right click mouse in the menu click new then folder. Name this folder "HJT" now go to this location "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K81VKI5I\HijackThis[1].exe"I want you to find "HijackThis[1].exe" right click mouse copy or ctrl+c and find the new folder you created and named "HJT" then paste "HijackThis[1].exe" in to it.Then post me a further log,if we don't do this we are unable to make backups should things not go as planned.see how you go.dan

Hi, Bee, Well done.ok, we can now make a start.You may want to print these instructions for reference

We have a few malware processes and files which we need to get rid of.Please be patient, and follow all of the instructions as given. Please do not reboot unless it is partof the fix, or you have no other choice. While you are following the fix, you will find it helpful to havea pen and paper handy to take any notes, so you can let me know what happens. Typical information that will be helpful will be:

Files or folders that will not delete properly

Any errors that occur when following a fix or during bootup

Notes on your system's operation (sluggish internet, popups, etc)

The more information we have, the better our chances to clean your system!

------------------------------------

Delete bad programs

Click Start

Go to Control Panel

Go to Add/Remove Programs

Find and click Remove for the following (if present). It could be that they have a space or something between it , but it has to look like it:

NetProjectMalwareCore 7.3NetProject

**Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Double-click SmitfraudFix.exe.Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exeis detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlogic.org/consulting/proc...processutil.htm

Okay so when i open any internet explorer it brings me to an about:blank page instead of my home page. Also whenever I turn on my computer Win spykiller always pops up and tells me i have a virus. I also have other icons that pop up on the toolbar with the start menu by the clock in the bottom right hand corner that tell me i have a virus that other people can access personal information from such as name computer ip credit card information ect. When i went into my programs I had already removed maleware removal but it is still sending me messages and it is no longer in the add or remove programs?...but here are the two new reports

Hi,Bee, you might want to print these instructions as during safe mode you will not have net access!Carry out instruction as I have detailed.

Please download ATF cleanerDo not run it yet.----------------------------------------------------AVG Anti-Spyware - 1st Part Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:

Click the Update icon at the top and under Manual Update click the Start update button.

The program will either update or inform you that no update was available.

It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).

Please set up the program as follows:

Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.

Click the Update icon and untick the automatic update option.

Click on Scanner on the toolbar.

Click on the Settings tab.

Under How to act? - make sure that Quarantine is selected.

Under How to scan? - All checkboxes should be ticked.

Under Possibly unwanted software - All checkboxes should be ticked.

Under Reports - Select Do not automatically generate reports.

Under What to scan? - Select Scan every file.

Close all open windows.Do not run a scan yet.---------------------------------------------------- You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.---------------------------------------------------- Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All Click the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All Click the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.----------------------------------------------------AVG Anti-Spyware - 2nd Part

Click on Scanner on the toolbar.

Click on Complete System Scan to start the scan process.

Let the program scan your computer.

When the scan has finished, follow the instructions below:

Make sure that Set all elements to: shows Quarantine

Important: Click on the Apply all Actions button (*** This must done before saving the report***)

When the program has finished, it will display the message All actions have been applied.

Make a uninstall list using HijackThisTo access the Uninstall Manager you would do the following:

1. Start HijackThis2. Click on the Config button3. Click on the Misc Tools button4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

Please post:

c:\rapport.txt

AVG log

A new HijackThis log

uninstall list

Your may need several replies to post the requested logs, otherwise they might get cut off.

Hi,Bee,Whilst were working through your Infected machine, please refrain from downloading any other program, other than those I instruct you tountil I give you the all clear. As you can appreciate sometimes not knowingly you can make things a little more difficult for yourself.

I noticed that you had downloaded: Winspykiller that wasn't on your previous logs, only this is deemed a rouge program.

Thanks for all your help and i was looking up the name of the virus and read soemthing similar to that so i have no bought any unrequired removal programs. But thank you so much for the heads up, when they say it's aggressive they really mean it! But I will wait for your expertise to make my next move. Thanks again

Who is online

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.